Re: transparent proxies

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 31 Jul 1997 01:51:35 +0200

The security warning is simply to make you aware that a squid process
with "httpd_accel_uses_host_header on" can be used as a "jumpgate" to
reach any server reachable from the squid host, regardless of any DNS
aliases/adresses pointing to the squid server. Usually not a issue on a
proxy, since this is what you want anyway.

But if Squid is used in a firewalled HTTP accelerator environment it can
be very important (depending on how stupid you or your network coponents
are when you set up the environment).

---
Henrik Nordström
John Saunders wrote:
> #       different HTTP servers by looking at this header.  However,
> #       Squid does NOT check the value of the Host header, so it opens
> #       a big security hole.  We recommend that this option remain
> #       disabled unless you are sure of what you are doing.
> #
> httpd_accel_uses_host_header on
> 
> Ignore the warning about security and enable this option for using the
> Host: header.
>
Received on Wed Jul 30 1997 - 17:42:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:52 MST